GitHub Copilot Workspace Insecurely Exposes Read/Write Terminal Access via Malicious Markdown
Overview
A critical vulnerability was discovered in the GitHub Copilot extension for Visual Studio Code that could allow for remote code execution. The vulnerability was triggered when a developer opened a malicious repository or workspace containing a specially crafted Markdown file.

The attack leveraged an obscure feature in VS Code's Markdown rendering and task execution engine. An attacker could embed a special link or code block in a Markdown file (e.g., `README.md`). When the Copilot extension pre-processed or interacted with this file to provide context-aware suggestions, it could be tricked into interpreting the content as a command to be executed. This command would open a read/write terminal session and forward it to an attacker-controlled server, effectively giving the attacker full shell access to the developer's machine within the context of the user's session.

This exploit is particularly dangerous because it requires no user interaction beyond opening a trusted-looking project folder. The attacker could then exfiltrate code, inject backdoors, steal environment variables (including cloud and API keys), and pivot into the victim's corporate network. The discovery highlighted the complex attack surface introduced by AI coding assistants that have deep integration with the IDE and file system.
Affected Systems
Testing Guide
1. **Check Extension Version**: In Visual Studio Code, navigate to the Extensions view (Ctrl+Shift+X), search for 'GitHub Copilot', and verify that the installed version is `1.155.0` or higher.
2. **Review Workspace Trust**: Check your VS Code settings for Workspace Trust (`settings.json` -> `security.workspace.trust.enabled`). Ensure it is enabled to prevent automatic code execution in untrusted folders.
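Both checks can be scripted for use across several machines. The following is an added example, not part of the original advisory or of any GitHub tooling: it assumes the extension is listed under the marketplace ID `GitHub.copilot`, that the listing text comes from `code --list-extensions --show-versions`, and that the settings text is the user's `settings.json`; the sample inputs are constructed.

```python
import json
import re

PATCHED = (1, 155, 0)            # fixed version stated in this advisory
EXTENSION_ID = "github.copilot"  # assumed marketplace ID, compared case-insensitively
_STRING = r'"(?:\\.|[^"\\])*"'   # a JSON string literal, left intact while stripping
# Constructed samples. Real input: `code --list-extensions --show-versions`
# output and the contents of the user's settings.json.
SAMPLE_LISTING = "ms-python.python@2024.2.1\nGitHub.copilot@1.99.0\n"
SAMPLE_SETTINGS = '''{
  // constructed sample
  "editor.fontSize": 14,
  "security.workspace.trust.enabled": false,
}'''

def copilot_version(listing):
    """Return Copilot's version as an int tuple, or None if it is not listed."""
    for line in listing.splitlines():
        ext, _, ver = line.strip().partition("@")
        if ext.lower() == EXTENSION_ID and re.fullmatch(r"\d+\.\d+\.\d+", ver):
            return tuple(int(part) for part in ver.split("."))
    return None

def _strip(pattern, text):
    # Delete matches of `pattern`, but never inside a string literal.
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(_STRING + "|" + pattern, keep, text, flags=re.S)

def load_jsonc(text):
    """Parse settings.json, which VS Code lets carry comments and trailing commas."""
    text = _strip(r"//[^\n]*|/\*.*?\*/", text)  # line and block comments
    text = _strip(r",(?=\s*[}\]])", text)       # trailing commas
    return json.loads(text.strip() or "{}")

def trust_enabled(settings_text):
    # Workspace Trust is on by default; only an explicit false disables it.
    return load_jsonc(settings_text).get("security.workspace.trust.enabled", True) is not False

def audit(listing, settings_text):
    """Return one finding per failed check from the Testing Guide."""
    findings, ver = [], copilot_version(listing)
    # Tuples compare numerically per component, so 1.99.0 sorts below 1.155.0.
    if ver is not None and ver < PATCHED:
        findings.append("GitHub Copilot %d.%d.%d is older than 1.155.0" % ver)
    if not trust_enabled(settings_text):
        findings.append("security.workspace.trust.enabled is false")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_LISTING, SAMPLE_SETTINGS)) or "no findings")
```

An empty result means both checks passed or Copilot is not installed; a missing `security.workspace.trust.enabled` key counts as enabled because that is the VS Code default.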
Mitigation Steps
1. **Update Extension**: Immediately update the GitHub Copilot extension in Visual Studio Code to version `1.155.0` or later.
2. **Enable Restricted Mode**: Use VS Code's 'Restricted Mode' when opening projects from untrusted sources. This mode disables extensions and limits potentially dangerous features until you explicitly trust the workspace.
3. **Be Cautious with Cloned Repositories**: Before opening a cloned repository from an unknown source, inspect its contents, particularly Markdown files and configuration files (like `.vscode/`), for any suspicious links or commands.
Patch Details
Patched in version 1.155.0 of the GitHub Copilot VS Code extension. The patch sanitizes how Markdown content is processed by the extension.